puppet-ceph/manifests/mon.pp
Matthew J. Black adcce43d26 Explicit conditional with ensure statement
The ensure conditional allowed any value other than present
to ensure absent an osd. If the user had mistakenly put the
value at 'presen' or 'presentt' it would remove the OSD.
The conditional has been updated so that no value other than
present or absent is accepted.

Change-Id: I7440544518ae5f830a76c2ae222d8b8610b0c97d
2016-07-11 20:22:47 -04:00


#
# Copyright (C) 2013 Cloudwatt <libre.licensing@cloudwatt.com>
# Copyright (C) 2013, 2014 iWeb Technologies Inc.
# Copyright (C) 2014 Nine Internet Solutions AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Author: Loic Dachary <loic@dachary.org>
# Author: David Moreau Simard <dmsimard@iweb.com>
# Author: David Gurtner <aldavud@crimson.ch>
#
# == Define: ceph::mon
#
# Installs and configures MONs (ceph monitors)
#
# === Parameters:
#
# [*title*] The MON id.
# Mandatory. An alphanumeric string uniquely identifying the MON.
#
# [*ensure*] Installs ( present ) or removes ( absent ) a MON
# Optional. Defaults to present.
# If set to absent, it will stop the MON service and remove
# the associated data directory.
# Any other value makes the define fail.
#
# [*public_addr*] The bind IP address.
# Optional. The IPv(4|6) address on which MON binds itself.
#
# [*cluster*] The ceph cluster
# Optional. Same default as ceph.
#
# [*authentication_type*] Activate or deactivate authentication
# Optional. Default to cephx.
# Authentication is activated if the value is 'cephx' and deactivated
# if the value is 'none'. If the value is 'cephx', at least one of
# key or keyring must be provided.
#
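# [*key*] Authentication key for [mon.]
# Optional. $key and $keyring are mutually exclusive.
# When set, the key is written to /tmp/ceph-mon-keyring-<id> (mode 0444)
# for the mkfs step, and that file is removed afterwards.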
#
# [*keyring*] Path of the [mon.] keyring file
# Optional. $key and $keyring are mutually exclusive.
#
# [*exec_timeout*] The default exec resource timeout, in seconds
# Optional. Defaults to $::ceph::params::exec_timeout
#
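define ceph::mon (
  $ensure              = present,
  $public_addr         = undef,
  $cluster             = undef,
  $authentication_type = 'cephx',
  $key                 = undef,
  $keyring             = undef,
  $exec_timeout        = $::ceph::params::exec_timeout,
) {

  include ::stdlib

  # a puppet name translates into a ceph id, the meaning is different
  #
  # NOTE(review): $id, $cluster and $keyring are interpolated unquoted into
  # the shell commands below and nothing in this define validates them, so
  # they must only ever come from trusted catalog data.
  $id = $name

  if $cluster {
    $cluster_name = $cluster
    $cluster_option = "--cluster ${cluster_name}"
  } else {
    $cluster_name = 'ceph'
    # Every exec below interpolates ${cluster_option}; define it here so the
    # default-cluster case does not reference an unset variable. The rendered
    # commands are the same as with an undefined value (empty string).
    $cluster_option = ''
  }

  $mon_service = "ceph-mon-${id}"

  # Resource defaults for the MON service, selected by the init system.
  # For Ubuntu Trusty system
  if $::service_provider == 'upstart' {
    $init = 'upstart'
    Service {
      name     => $mon_service,
      provider => $::ceph::params::service_provider,
      start    => "start ceph-mon id=${id}",
      stop     => "stop ceph-mon id=${id}",
      status   => "status ceph-mon id=${id}",
    }
  }
  elsif $::service_provider == 'systemd' {
    $init = 'systemd'
    Service {
      name     => $mon_service,
      provider => $::ceph::params::service_provider,
      start    => "systemctl start ceph-mon@${id}",
      stop     => "systemctl stop ceph-mon@${id}",
      status   => "systemctl status ceph-mon@${id}",
    }
  # For Red Hat systems (not supporting Jewel now, only Hammer)
  } else {
    $init = 'sysvinit'
    Service {
      name     => $mon_service,
      provider => $::ceph::params::service_provider,
      start    => "service ceph start mon.${id}",
      stop     => "service ceph stop mon.${id}",
      status   => "service ceph status mon.${id}",
    }
  }

  if $ensure == present {

    $ceph_mkfs = "ceph-mon-mkfs-${id}"

    if $authentication_type == 'cephx' {
      if ! $key and ! $keyring {
        fail("authentication_type ${authentication_type} requires either key or keyring to be set but both are undef")
      }
      if $key and $keyring {
        # The value of $key is the [mon.] secret: keep it out of the error
        # text, which ends up in agent/master logs and reports.
        fail("key and keyring (set to ${keyring}) are mutually exclusive")
      }
      if $key {
        # NOTE(review): the [mon.] secret is staged in a fixed, predictable
        # path under /tmp and made world-readable (0444) until the
        # rm-keyring exec below removes it. The shell redirect does not
        # protect against a pre-existing file or symlink at that path, and
        # the key is also embedded in the exec command string of the catalog.
        # 0444 looks deliberate (ceph-mon --setuser ceph has to read it), so
        # it is left unchanged here; prefer $keyring with a root-managed file
        # where possible, or stage the file in a directory only root and
        # ceph can access.
        $keyring_path = "/tmp/ceph-mon-keyring-${id}"

        Ceph_config<||> ->
        exec { "create-keyring-${id}":
          command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
cat > ${keyring_path} << EOF
[mon.]
key = ${key}
caps mon = \"allow *\"
EOF
chmod 0444 ${keyring_path}
",
          # Skip staging the key once the mon data dir is marked as done.
          unless  => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data) || exit 1 # if ceph-mon fails then the mon is probably not configured yet
test -e \$mon_data/done
",
        }

        Exec["create-keyring-${id}"] -> Exec[$ceph_mkfs]

      } else {
        $keyring_path = $keyring
      }

    } else {
      # authentication disabled: mkfs is pointed at an empty keyring
      $keyring_path = '/dev/null'
    }

    if $public_addr {
      ceph_config {
        "mon.${id}/public_addr": value => $public_addr;
      }
    }

    Ceph_config<||> ->
    # prevent automatic creation of the client.admin key by ceph-create-keys
    exec { "ceph-mon-${cluster_name}.client.admin.keyring-${id}":
      command => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
touch /etc/ceph/${cluster_name}.client.admin.keyring",
      unless  => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
test -e /etc/ceph/${cluster_name}.client.admin.keyring",
    }
    ->
    # Create the mon data directory and run ceph-mon --mkfs, as the ceph
    # user when that account exists. A failed mkfs removes the directory
    # again so the next run retries.
    exec { $ceph_mkfs:
      command   => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
if [ ! -d \$mon_data ] ; then
mkdir -p \$mon_data
if getent passwd ceph >/dev/null 2>&1; then
chown -h ceph:ceph \$mon_data
if ceph-mon ${cluster_option} \
--setuser ceph --setgroup ceph \
--mkfs \
--id ${id} \
--keyring ${keyring_path} ; then
touch \$mon_data/done \$mon_data/${init} \$mon_data/keyring
chown -h ceph:ceph \$mon_data/done \$mon_data/${init} \$mon_data/keyring
else
rm -fr \$mon_data
fi
else
if ceph-mon ${cluster_option} \
--mkfs \
--id ${id} \
--keyring ${keyring_path} ; then
touch \$mon_data/done \$mon_data/${init} \$mon_data/keyring
else
rm -fr \$mon_data
fi
fi
fi
",
      unless    => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
test -d \$mon_data
",
      logoutput => true,
      timeout   => $exec_timeout,
    } ->
    service { $mon_service:
      ensure => running,
    }

    # if the service is running before we setup the configs, notify service
    Ceph_config<||> ~>
    Service[$mon_service]

    if $authentication_type == 'cephx' {
      if $key {
        # Remove the staged secret as soon as mkfs has consumed it.
        Exec[$ceph_mkfs] -> Exec["rm-keyring-${id}"]

        exec { "rm-keyring-${id}":
          command => "/bin/rm ${keyring_path}",
          unless  => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
test ! -e ${keyring_path}
",
        }
      }
    }

  } elsif $ensure == absent {
    service { $mon_service:
      ensure => stopped
    }
    ->
    # NOTE(review): \$mon_data is whatever ceph-mon reports and is handed
    # unquoted to rm -fr; set -e aborts if the lookup itself fails.
    exec { "remove-mon-${id}":
      command   => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
rm -fr \$mon_data
",
      unless    => "/bin/true # comment to satisfy puppet syntax requirements
set -ex
which ceph-mon || exit 0 # if ceph-mon is not available we already uninstalled ceph and there is nothing to do
mon_data=\$(ceph-mon ${cluster_option} --id ${id} --show-config-value mon_data)
test ! -d \$mon_data
",
      logoutput => true,
      timeout   => $exec_timeout,
    } ->
    ceph_config {
      "mon.${id}/public_addr": ensure => absent;
    } -> Package<| tag == 'ceph' |>
  } else {
    # Reject typos such as 'presen' instead of treating them as absent.
    fail('Ensure on MON must be either present or absent')
  }
}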